CVE-2023-6835
published 2023-12-15

CVE-2023-6835: Multiple WSO2 products have been identified as vulnerable: due to a lack of server-side input validation in the Forum feature, the API rating could be manipulated.

Priority: P427
Severity: medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.52% (40.2th percentile)
Multiple WSO2 products have been identified as vulnerable: due to a lack of server-side input validation in the Forum feature, the API rating could be manipulated.

Affected

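8 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| wso2 | api_manager | | |
| wso2 | api_manager | | |
| wso2 | api_manager | | |
| wso2 | iot_server | | |
| wso2 | wso2_api_manager | >= 2.2.0.0 < 2.2.0.16 | 2.2.0.16 |
| wso2 | wso2_api_manager | >= 2.5.0.0 < 2.5.0.17 | 2.5.0.17 |
| wso2 | wso2_api_manager | >= 2.6.0.0 < 2.6.0.24 | 2.6.0.24 |
| wso2 | wso2_iot_server | >= 3.3.1.0 < 3.3.1.17 | 3.3.1.17 |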